miracum · miracum-renovate · Jan 5, 2025 · Jan 4, 2025
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -87,7 +87,7 @@ jobs:
           fi
 
       - name: Create k8s Kind Cluster
-        uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
         if: ${{ steps.list-changed.outputs.changed == 'true' }}
         with:
           cluster_name: kind-cluster-k8s-${{ matrix.k8s-version }}

diff --git a/.github/workflows/megalinter.yaml b/.github/workflows/megalinter.yaml
@@ -51,7 +51,7 @@ jobs:
       # Upload MegaLinter artifacts
       - name: Archive production artifacts
         if: ${{ always() }}
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: MegaLinter reports
           path: |

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,6 +1,6 @@
 name: Release Charts

 on:
  push:
    branches:
      - master
@@ -25,7 +25,7 @@
          git config --global --add safe.directory /__w/charts/charts

      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0

@@ -46,7 +46,7 @@
        run: generate-chart-changelog.sh

      - name: Run chart-releaser
        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
        with:
          config: .github/ct/ct.yaml
        env:
@@ -80,7 +80,7 @@
           kubescape scan framework mitre --format=html --output=kubescape-reports/mitre.html charts/
 
       - name: "Upload kubescape reports"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: kubescape-reports
           path: kubescape-reports/

diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-24.04
     if: ${{ github.repository == 'miracum/charts' }}
     steps:
-      - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+      - uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
         id: app-token
         with:
           app-id: ${{ secrets.RENOVATE_APP_ID }}
@@ -31,7 +31,7 @@ jobs:
           fetch-depth: 0
 
       - name: Self-hosted Renovate
-        uses: renovatebot/github-action@e3a862510f27d57a380efb11f0b52ad7e8dbf213 # v41.0.6
+        uses: renovatebot/github-action@2be773c4be8361d8182cc1b750e75bbc75af71b0 # v41.0.7
         with:
           token: "${{ steps.app-token.outputs.token }}"
           mount-docker-socket: true

diff --git a/.github/workflows/scorecards.yaml b/.github/workflows/scorecards.yaml
@@ -3,7 +3,7 @@
 # policy, and support documentation.

 name: Scorecards supply-chain security
 on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
@@ -32,12 +32,12 @@

    steps:
      - name: "Checkout code"
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

      - name: "Run analysis"
        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
        with:
          results_file: results.sarif
          results_format: sarif
@@ -59,14 +59,14 @@
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           sarif_file: results.sarif